Professional Documents
Culture Documents
Risk Management
Technical Notes
Produced in conjunction with RSM Robson Rhodes
Office of the Deputy Prime Minister Eland House Bressenden Place London SW1E 5DU Telephone 020 7944 4400 Internet service www.odpm.gov.uk Crown copyright 2004. Copyright in the typographical arrangement and design rests with the Crown. This publication (excluding the Royal Arms and logos) may be reproduced free of charge in any format or medium provided that it is reproduced accurately and not used in a misleading context. The material must be acknowledged as Crown copyright with the title and source of the publication specified. Further copies of this report are available from: Kevin Davies ODPM 3/A6 Eland House Bressenden Place London SW1E 5DU Tel: 020 7944 5190 Fax: 020 7944 4099 E-mail: kevin.davies@odpm.gsi.gov.uk Published by the Office of the Deputy Prime Minister. Printed in the UK, February 2004 on material containing 100% post-consumer waste. Product code: 04LRGG 01971
Appendix A: Gateway Process Appendix B: Strategic Risks Appendix C: Generic Project Risks Appendix D: Corporate and E-government Risks Appendix E: Education, Health and Social Services Risks Appendix F: Transport and Environment Risks Appendix G: Reference Documents
PREFACE
INTRODUCTION
The former Department of Transport, Local Government and the Regions (DTLR) established the Strategic Partnering Taskforce (SPT) in September 2001 to support local authorities that wished to implement strategic service delivery partnerships. The SPT, which is now sponsored by the Office of the Deputy Prime Minister (ODPM), has a responsibility to carry out an active research programme and disseminate information in respect of partnering and improved service delivery. The work of the SPT represents part of the national strategy to provide firm foundations for better procurement. The SPTs responsibilities for that national strategy are set out in Towards a National Strategy for Local Government, the Joint Response of ODPM and the Local Government Association (LGA) on the review of local government procurement which was chaired by Sir Ian Byatt. In the foreword of the response John Prescott, Deputy Prime Minister, and Sir Jeremy Beecham, LGA, state that the work of the Strategic Partnering Taskforce, the conclusions of the Best Value Review and the capacity building proposals in the White Paper, Strong Local Leadership Quality Public Services, provide a sound foundation for a national strategy to improve local government procurement. The SPT is issuing a series of publications entitled Rethinking Service Delivery in response to that responsibility. The purpose of these publications is to offer practical solutions to local authority members and officers on how to go about achieving real improvement in services. These publications refer to, and make recommendations about, risk and risk management throughout the process of developing a strategic service delivery partnership (SSP), albeit briefly. These technical notes expand on what has already been said in these publications. Its purpose is to help guide and structure local authorities approaches to risk and risk management at a strategic and project level by allowing them to refer to one document that addresses the main issues of risk effecting major partnering contracts. The technical notes are designed to:
Guide local authorities when deciding on who to involve in the risk management process and at what stages in the project/partnership to consider risk;
Assist members and chief officers needing to consider the main strategic and corporate risks of a partnering project;
Assist local authority officers, risk and project managers to consider and manage possible project risks. It outlines a framework for: Identifying risks; Assessing risks; Controlling the risks; and Monitoring the risks.
o o o
ACKNOWLEDGEMENT
These notes have been produced under the guidance of the SPTs legal and technical team. Kate Fitzsimons from RSM Robson Rhodes has been the principal author of this publication. Her contribution is greatfully acknowledged. We also thank the local authorities, government departments, Audit Commission and other organisations that have made helpful comments on the draft versions of the guidance.
EXECUTIVE SUMMARY
INTRODUCTION
Strategic Service delivery Partnerships (SSPs) are considered to be one of the few ways of achieving step-change in service performance. Partnership deals do, however, carry risks and in order to achieve the desired step change the risks need to be initially identified and then mitigated and managed successfully. At their highest level, risks that impact on partnership success can be grouped into four categories:
Failing to ensure an effective strategic fit; Failing to identify and address the gaps and shortfalls in relationships; Failing to fully assess and plan for the organisational impact the changes will have; and Failing to robustly develop and test the economic case for the partnership.
To control these, particular care needs to be taken in defining the business case, going through the procurement process, specifically the preparation of contracts, and in establishing longterm relationship and contract management procedures. As a general rule, managing risks in a proactive way will help the partnership deliver its objectives. It is important to recognise, however, that risk is not entirely bad. Every major work effort does involve risk, however, with risk comes knowledge and opportunity the opportunity for planning to overcome potential threats to project success. The opportunity develops with the project teams knowledge and understanding of the risk factors and the preparation of a risk management plan to mitigate the risk. There are many definitions of risk and risk management but in their simplest form they can be defined as: Risk is a measure of the inability to achieve overall programme objectives within defined cost, schedule, and technical constraints and has two components: The probability of failing to achieve a particular outcome; and The consequences of failing to achieve that outcome.
Risk Management is the act or practice of controlling risk. It includes identifying risks, assessing risk areas, developing risk-handling options, monitoring risks to determine how risks have changed, and documenting the overall risk management programme.
A senior management team that includes members of staff from all organisations within the partnership, who support, own and lead on risk management; A risk management framework approved and agreed at the senior level, within which risks will be identified and managed on an on-going basis; An organisational and partnership culture, which supports well thought through risk taking and innovation; and Risk management thinking fully embedded in management processes and consistently applied throughout all project and partnership activities.
This guidance draws on the experiences of the SPTs pathfinders and best practice approaches used elsewhere both within the public sector and across other sectors and industries. Its aim is to summarise the key messages that are critical for an authority and its officers to consider when embarking on a SSP. The notes are not designed to be the sole source of advice on risks but capture the main points for consideration. Where appropriate reference is made to other guidance that will help inform an authority and the key stakeholders on risk.
CHAPTER 1
1
1.1
1.2
1.3
1.5
To ensure that risk management is considered an integral part of project management and that risk management activity is integrated within normal partnership tasks;
To develop the risk management plan; To facilitate the identification of risks; To process risk data to enable the risk register to be populated and updated;
1.6
To prepare risk reports for scheduled and on-going review meetings; and To keep a record of lessons learnt.
Summarised below are tips for the Risk or Project Manager on how to lay the groundwork for successful risk management:
Demonstrating clear ownership of the risks; Plan, plan, plan there is no substitute for planning before commencing the project; Involve all stakeholders in risk identification; Conduct risk discussions as a normal part of project/partnership meetings; Keep the risk management process short and simple but an on going not a one off task.
Specialist Groups: Departmental representatives; Internal Audit; Health and Safety; Information Technology; Personnel.
10
1.8
The Risk Management Group needs to fit into a wider risk management structure and the roles and responsibilities of the group need to be clear and defined. At one end of the scale the group will assign risks to an appropriate risk owner who is the identified and agreed person most appropriate to control an individual risk and is responsible for monitoring and managing the risk. At the upper end of the scale it will feed into a senior management and governance group.
1.9
The appropriate risk management structure and number of people to be involved will depend on the size of the organisation and staff availability. A suggested risk management structure for a large organisation undertaking a major partnering contract is shown below: Figure 2: Risk Management Structure
Senior Officers Group Members Group
Recommendations Governance Group (Independent review and assessment of risk management plan/risk register) Validated/Prioritised Risks
1.10
The following questions can be asked and used as a checklist to ensure the risk management structure has been established effectively:
Is there partnership wide involvement in the structure? Does everyone in the structure understand the importance of risk management? Does everyone in the partnership have a clear view of the risk process?
11
Assessing the probability and impact and formulating plans for risks they own; Implementing the plans to manage risks for which they are responsible on time; Updating the Risk and Project Manager on a regular basis regarding progress; Reporting on the progress of risks for which they are responsible to the Risk Management Group during risk reviews.
JOINT WORKING
1.12 Joint working and partnerships often involve more complex types of risk, which can, if not correctly managed, adversely affect the delivery of services to the end users. More specifically, it is considered that risk is increased disproportionately in multiorganisation projects, be it with the public, voluntary or private sector, and as such this will need to reflected in the partnership risk management plan and in judging how many risk managers are needed. It is important to be aware of the risk management processes across all partners at the outset. Sharing data and information in this instance will help to ensure that all risks are joined up and risks can be identified and managed in a proactive and in the most efficient and effective way.
1.13
1.14
12
CHAPTER 2
2
2.1
In the project management; In the procurement process including the evaluation of partnership proposals strategic and economic assessment; In the transition of the organisation; and On into the partnership post contract award.
2.2
Risk identification will start at the partnership vision stage and will be carried out regularly throughout the lifecycle of the partnership procurement and on into the partnership arrangement. Risk, however, is not a one-time task to perform at stages of the project or partnership evolvement. The aim should be to embed risk management into the culture of the Council and its partnership arrangements. Best practice shows that real benefits can be gained by undertaking the long term management of risks as a co-operative process between all parties in the partnership. In particular, a common risk management process as the partnership relationship develops will facilitate the use of common risk information and minimise duplication of effort and resources. Risk management objectives that should be agreed both internally within the local authority prior to procurement of, or working with a partner and externally, post procurement with the partners themselves. The objectives should include:
2.3
2.4
2.5
To use best practice to manage risks; To create an environment that allows the partnership to anticipate and respond to change;
To prevent damage and loss, and reduce the cost of risk to all parties in the partnership; and
13
2.6
To raise awareness in managing risks throughout the Council and its partners.
Additionally, it is suggested that a risk management strategy is agreed, and documented, and that the document that is regularly reviewed and updated by the partnership. The importance of adopting a risk management approach from the outset of defining the strategic partnering vision is that it:
2.7
Improves the likelihood of success for turning vision into reality as it encourages forward thinking and thus minimises unwelcome surprises; Increases visibility - Involving all stakeholders raises risk awareness and enhances accountability; Enhances communication which in turn improves the basis for strategy setting, performance management and decision making; Adds realism from the outset, which gives a better basis for the allocation of resources and timetabling of the project.
14
15
CHAPTER 3
4
4.1
AN OVERVIEW
4.2 Risk management involves identifying, analysing, and responding to risk factors that impact on a project or its objectives. In particular, the system must quantify the risk and predict the impact to the project. The two main objectives of risk management are to:
4.3
Focus attention on minimising threats in order to achieve the project objectives by performing a high-level assessment of risks with all project stakeholders, and Provide a systematic approach for detail risk analysis and appraisal by: Identifying and assessing risks. Determining effective risk reduction actions. Monitoring and reporting progress in reducing risk.
4.4
Risk management should involve five basic steps shown below: Figure 3: Five Steps of Risk Management:
1. IDENTIFY THE RISKS
16
4.5
The remainder of this section recommends a framework for addressing each of the five steps and can be used as guidance by Risk and Project Managers to structure an approach or as a checklist against their own approach.
4.7 4.8
4.10
The vision and business case for the partnership; The specific deliverable and work processes that may be affected by the organisational change;
4.11
Any milestones and scheduled dates; The resources impact from a value and sources perspective; and Performance requirements of all partners.
Once an appropriate group has been formed and objectives, plans and strategies are understood, the group will be in a position to identify risks.
17
4.12
When identifying risks there is sometimes a danger of focusing solely on risks that are internal as opposed to threats and opportunities from external sources. It is useful to check that the risks identified relate to internal and external factors. There are a number of techniques that can be used, where possible, to involve stakeholders and generate ideas in risk identification. These are summarised below:
4.13
Brainstorming Use a facilitator. Involve a good range of stakeholders. Ensure that the forum allows open and honest discussions. Interviewing Can be one-to-one with project team members and/or key stakeholders to talk about risks they believe may impact on the project; Learning from experience Compare with similar projects where possible.
4.14
In order to aid risk identification you can also use a generic prompt list to generate initial thoughts and to act as a stimulus to identify risks. The following section outlines generic risks that may be used as a prompt list.
4.15
4.17
Risk assessment explores the impact risk events have on a project. Cost is the obvious impact, but this is not the only issue. Risk assessment can include both qualitative and quantitative assessments of the probability of identified risks occurring and the impact of these in terms of:
4.18
The decision on which qualitative and/or quantitative risk assessment model is most appropriate for an authority will depend on how sophisticated the risk management skills are within the authority and the nature of the risk. The remainder of this section sets out a framework of both qualitative and quantitative approaches.
18
Qualitative Analysis
4.19 Qualitative analysis involves describing the risk, why it may happen, and possible ways of controlling it. The analysis of probability and impact is carried out primarily by the Risk Owner, as they should be the person best able to analyse, plan and manage the risk. The analysis should, however, involve any relevant stakeholders, such as subject matter experts that may be able to provide informed views on levels of probability and impact.
Probability of Occurrence
4.20 The first stage of assessing the likelihood of occurrence is to review the long list of risks identified and eliminate the risks, which, on reflection, the Risk Management Group believes will not occur. The remaining risks then need to be classified in terms of their probability of occurrence. To ensure consistent assessment of risks it is necessary to have an agreed set of project and partnership criteria. A generic set of criteria has been defined below but these need to be tailored for specific projects and partnerships. It is recommended that the Risk Management Group define and agree the appropriate criteria: High Risk: Likely to cause significant disruption to schedule, cost and performance of partnership. Probability of occurrence >50%; Has the potential to cause some disruption, however, potential problems may be overcome. Probability of occurrence 20-50%; Has little potential to cause disruption to schedule, cost and performance of partnership. Normal effort by the project team and partnership members will probably overcome most difficulties. Probability of occurrence <20%.
4.21
4.22
4.23
Medium Risk:
Low Risk:
4.24
Severity of Impact
4.25 This stage is about evaluating each risk in terms of its possible impact on the project/partnerships baselines of time, cost and performance. As with the likelihood of occurrence the first stage is to eliminate any risks that the Risk Management Group believes have no or only trivial impact on the baseline requirements.
19
4.26
As stated under likelihood of occurrence, to ensure consistent assessment of risks it is necessary to have an agreed set of project and partnership criteria. A generic set of criteria has been defined below but these need to be tailored for specific projects and partnerships and it is again recommended that the Risk Management Group define and agree the appropriate criteria:
Impact Rating LOW TIME Effect of risk delays schedule or partnership implementation for: <3 months Effect of risk increases cost by: <10% of total or budgeted cost A few shortfalls in performance parameters of scope requirements, acceptance and quality. MEDIUM Effect of risk delays schedule or partnership implementation for: 3-6 months Effect of risk increases cost by: 10-30% of total or budgeted cost Some shortfalls in one or two areas of scope requirements, acceptance and quality. HIGH Effect of risk delays schedule or partnership implementation for: >6 months Effect of risk increases cost by: >30% of total or budgeted cost Major shortfalls in key parameters of scope requirements, acceptance and quality.
4.27
COST
PERFORMANCE
4.28
As part of the qualitative analysis it is important to consider and balance the negative risks with the potential opportunities an SSP will generate. This part of the risk assessment is a good time to include this by assessing opportunities against the same agreed criteria, although the impact definitions would be beneficial (for example, medium time impact would be a potential saving of 3-6 months rather than a delay). Once the probability of occurrence and the level of impact a risk will have are assessed in this manner the risks need to be grouped into an order of priority for dealing with the risks. An easy way to present this information is on a chart similar to the one shown in figure 4.
4.29
20
Impact of Risk
Likelihood of Risk
4.30
High impact and high probability of occurrence risks clearly need to be the ones that are focused on in more detail (i.e. categories A to E shown on the diagram).
Quantitative Analysis
4.31 Quantitative analysis involves attempting to describe risk in numerical terms. To do this requires a number of steps to be followed, namely:
4.33
The number of staff to be affected by the new arrangements; or The total cost of failure of the partnership.
Within the definition consideration and parameters need to be set for the time frame over which risk is to be measured.
21
Construct a Pathway
4.34 Constructing a pathway involves consideration of all the sequential events that must occur for the adverse event to occur. This will involve considering what if scenarios.
Building a Model
4.35 Given the risk pathway, a mathematical model then needs to be constructed that allows risk to be estimated. To do this, each step in the pathway and the corresponding variables for those steps need to be considered. Scores can then be assigned to each of the input variables. These are sometimes referred to as point-values. The relationship between the variables is then used to generate a point-value estimate of risk. To test the sensitivity of the model three point values are used that relate to a minimum, maximum and most likely estimate of impact. 4.37 The two main limitations of this type of modelling are that only three values are used where in reality a larger number of values may be appropriate and that this model does not make any use of the fact that the most likely estimate will occur more frequently. A more refined financial model considers probability of occurrence for each of the input variables. Using probability distributions, all possible combinations are accounted for. A common approach used for this type of modelling is called the Monte-Carlo simulation. This is a computer intensive technique that involves random sampling for each probability distribution within the model to produce a large number of scenarios. Specialist software packages are available to run Monte-Carlo simulations. As stated earlier, the decision on which qualitative and/or quantitative risk assessment model is most appropriate for an authority to use as part of their risk management will depend on how sophisticated the risk management skills are within the authority, what the risks are and what software packages they have access to.
4.36
4.38
4.39
4.40
4.42
22
Accepted risks: Currently acceptable to the project/partnership and therefore no action will be taken to mitigate or prevent these risks at this stage. They should however be regularly reviewed and assessed.
Rejected risks: Currently not considered to be a valid or real threat to the project/partnership at this stage.
Risks to be handled: These are the risks that require action to reduce or eliminate them.
4.43
For those that fall into the third classification mitigation plans need to be prepared. These are the risk control options that set in place actions to reduce the probability and or the impact of a risk prior to its occurrence. Within the mitigation plan all actions must be aligned to the single, most appropriate overall mitigation strategy. Mitigation options are:
4.44
Eliminate or avoid the risk; Reduce the risk; Transfer the risk; or Accept the risk.
Changing the direction or strategy and revisiting objectives; Improving channels of communication; Obtaining further information from external sources; Acquiring expertise; Reducing the scope of the activity; Adopting a familiar proven approach.
23
4.48
Financial instruments such as insurance, performance bonds, warranties or guarantees; Renegotiation of contract conditions for the risk to be retained by the other party; Seeking agreement on sharing risk with the other party; Sub-contracting risks to consultants or suppliers. (Note: For this to be an effective transfer of risk, the sub-contractor must be in a position to own and manage the risk appropriately and have sufficient financial standing to bear the consequences of the risk materialising. Levels of insurance carried for insurable risk should also be checked).
4.50
24
4.51
4.52
Consider the cost versus benefit of different options; Assess all possible mitigation strategies; Take action at the earliest possible point in time.
Additionally, to be effective, risk responses must meet a number of important criteria. Use the checklist below to ensure all response are:
Appropriate (i.e. do nothing for small, minor risks) Cost effective Actionable defining the time within which responses need to be completed Achievable responses must be realistic Effective responses must have a high chance of working Agreed upon by all partnership stakeholders Allocated and accepted each response should be assigned to ensure the most appropriate point of contact.
4.53
It is also suggested that despite choosing an option for how you will handle risk that a fallback/contingency plan is discussed for the cases where a mitigation plan fails to achieve the intended effect. As with the assessment of risks it is important to consider the opportunities the SSP will generate and to apply the same planning approach to them. The difference, however, will be, instead of trying to reduce or eliminate the impact with an opportunity, the options for handing them should attempt to make them more likely to occur or enhance their beneficial impact. As an output from this stage all agreed actions should be recorded within a project/partnership risk register.
4.54
4.55
25
4.57
4.58
4.59
4.61
26
CHAPTER 4
5
5.1
STRATEGIC RISKS
5.2 In this instance strategic risks refer to high level threats of an SSP, at the pre contract procurement or post contract stage. These should be considered by members, chief officers and senior staff in the organisation(s) that are considering involvement in a partnership arrangement. The Rethinking Service Delivery publications make reference to the OGC gateway review process, as it is being field tested for local government by the 4ps, the key stages of the process are set out in appendix A. The review process envisages strategic risks being identified as part of the overall analysis of business need and in developing the business case before gateway review 1. If this is the position, it enables high-level threats to be assessed and researched with the aim of developing strategic and management responses that will help secure a sound strategic framework for the project/partnership from the outset. Strategic risks must be well understood at the outset, and a risk management approach developed appropriately to be applied throughout each project stage before authorisation is given to proceed to each stage of the partnership procurement process. The partnership should have a set of agreed objectives. Risks should be identified against these objectives. Initially, this would only be for the highest order of risk. These high level risks will then be considered and managed by senior staff and thus increase the organisations ability to meet its objectives. Risks at the strategic and corporate level will then frame the context for more detailed risk management at the project specific level. Detailed in appendix B are examples drawn from SPT pathfinder projects of the main risks to be considered at the strategic and corporate level. Suggestions are also made
5.3
5.4
5.5
5.6
27
of ways to mitigate and control the risks. They have been grouped into risks that arise due to:
Failing to ensure an effective strategic fit; Failing to identify and address the gaps and shortfalls in relationships; Failing to fully assess and plan for the organisational impact the changes will have; and Failing to robustly develop and test the economic case for the partnership.
5.7
It is stressed that the tables outline the main risks to be considered but do not constitute an exhaustive list for every partnership arrangement. Additionally, the suggestions of how to mitigate and control the risks are for guidance only and there may be a more appropriate approach depending on the individual circumstances. The Risk Manager can use the tables shown in appendix B as examples to stimulate discussions in an authority considering SSPs.
5.8
PROJECT RISKS
5.9 In this instance project level risks relate to factors that may affect progress against phases and milestones of the partnership arrangement. It also includes risks at the operational level that relate to technical problems, supplier and contract management. Project risk assessment is not a one time task, it is a task that must be periodically updated throughout a project life cycle for several reasons:
5.10
To monitor and measure progress in risk management; To provide management with visible target dates and milestones in risk management activities,
5.11
To identify new risk items and issues, and To establish new risk management priorities.
The following categories can be used as a starting point for identifying the main areas of project risk involved in SSPs. They have been derived from the experiences gained from a number of strategic partnering pathfinders, as well as from other projects outside of the pathfinders: Eight categories of risk:
28
5.12
Technical and operational risks; Political risks; Stakeholder interest risks; Financial risks; Organisational management/human resource risks; Legal risks; Procurement risks; Commercial risks.
Set out in appendix C are examples of the typical risks that could fall under these categories. The risks relate to those that may be experienced in a partnering contract of a public-public or a public-private nature. Additionally, in appendix D, E and F are examples of sector specific risks drawn from examples of pathfinder projects. As with the strategic risks, these appendices can be used to give examples to help stimulate discussions on possible risks in authorities embarking on SSPs in the future.
5.13
5.14
The lists are to act as tools to prompt risk identification and they should not to be used as ready prepared risk registers or a definitive list of risks. Every partnership will have bespoke risks that may not be detailed. In additional not all risks listed will apply to every partnership.
29
CHAPTER 5
6
6.1
Risk Management
Suggested tools to be used to support risk management within the partnership are:
A risk management plan/strategy; A risk register; A risk adjusted financial model; and A partnership issues log.
RISK REGISTER
6.3 The risk register is a record of all risks and their potential impact to the partnership. This is maintained by the Project/Risk Manager but should be made available to the whole project team to ensure there is a common and agreed understanding of the risks involved. It should be updated at the agreed frequency. For each risk identified the risk register should record:
6.4
Reference number; Source of risk; Type/category of risk; Description of risk; Consequences and likelihood of risk occurring;
30
Risk treatment; Risk owner; Target date for action/treatment; Action implications; Action status; Fallback/contingency plans; and Change history.
6.6
6.7
31
32
33
Gateway intervention
Business strategy
Options identified and appraised; affordability, achievability and value for money established
(or equivalent internal process) Develop procurement strategy; specify requirements; update business case
Award of contract/statement of work or transition to new contract; asset or service ready for delivery
Manage contract
Gateway Review 5
Benefits evaluation (repeated as required)
Mclosure
34
Lack of political support for a public private partnership or political alignment in public public partnerships. Local political leadership changes and support for the deal wanes (both at the outset and in the future). Local authority policy changes.
Strategic dependence on one partner may reduce the authoritys ability to seek improvements in efficiency and quality.
35
Risk
Mitigation sensitive areas such as pooled budgets and accountability that may results as part of the partnership arrangements.
Authority does not have adequate management capacity to manage the procurement, negotiation and change management processes.
It is critical that buy-in from all key stakeholders is achieved. Missing out a key stakeholder could be detrimental to the long term partnership objectives. Ensure a thorough brainstorming session takes place early on to identify key stakeholders. Continually revisit/test the key stakeholder list to ensure everyone has been captured.
Partner fails to value staff and does not look after them well, providing poor terms and conditions and insufficient opportunity for personal development.
Where contracts are squeezed very tightly and inadequate flexibility provided for business process re-engineering and cross-skilling, partners may find their only opportunity to make any profit is by reducing the number of staff or renegotiating the terms and conditions of those staff. TUPE will protect staff terms and conditions at initial transfer and Workforce Code will protect new joiners. Partners should be encouraged through the structure of the payment mechanisms within contracts to provide training and personal development opportunities for all staff.
Choose the right contract for your circumstances public public partnerships need a contract as well as public private partnerships.
36
Risk
Mitigation Research has shown that good partnerships have two types of contract: 1. A partnership agreement, which describes high level processes such as gain sharing and scope, describes the structure and role of the partnership board and establishes relationships and behaviours between the partners. Stand-alone contracts, which specify the scope and work of the programme and contain conventional terms and condition.
2.
This ensures that, even if the partnership breaks down, the service delivery contracts will stand and deliver, albeit without the flexibility over the lifetime of the deal that the partnership enabled.
Relationship with partner breaks down and subsequently one of the major partners withdraws.
No matter how good a relationship may be, difficulties will always arise from time to time. Ensure mechanism for conflict resolution is agreed with all partners at negotiation stage. Create a joint strategic board for the partnership that meets regularly to discuss issues. Draw up a joint risk register and keep it under review throughout the contract. When problems are looming on the horizon, talk about them and work on a solution together before the risk matures and the impact is felt. Keep monitoring of PIs transparent and honest.
Authorities need to understand clearly what form of relationship they will need to build and maintain in order to support the contractual structure and payment mechanism, which they have decided to adopt.
Have a partnership agreement that sets out partnership objectives and protocols. Define a formal and informal communication and consultation strategy. Define and agree a partnership structure with clear responsibilities post contract implementation.
37
Risks of failing to assess and plan for the ORGANISATIONAL IMPACT the changes will have:
Risk 1 Lack of clarity about the status of the partnership and subsequent misunderstanding of process and commitments either internally in the organisation or externally with the different parties of the partnership. Local authority structure and culture inappropriate for forming and maintaining strategic partnerships. Mitigation Develop partnership agreement as soon as possible that details commitments of all parties. Define and agree partnership protocols. Ensure members buy-in at all stages of the procurement and throughout the lifetime of the agreement. Keep staff fully informed of plans for development of strategic partnerships. 3 Improvements do not meet Councils and/or publics expectations. Deals, which gain visibility to the end-user, may generate unrealistic expectations for speed and scope of service improvements. Ensure data is being collected well before contract award for comparison, to align expectations about service improvements. Measure customer satisfaction and manage customer expectations. This implies a pro-active role for the local authority before and during the lifetime of the partnership arrangement.
Assess the financial and non-financial implications of the new arrangements on existing contracts, commitments and initiatives.
38
Risks of failing to robustly develop and test the ECONOMIC CASE for the partnership:
Risk 1 Failure to commit resources to the business case for the fear that the investment in time and resources will be abortive as proposals may not represent a value for money or be affordable. Mitigation This risk is managed by adopting well-constructed processes in formulating an outline business case (OBC). A thorough financial evaluation, including a robust affordability model, needs carried out. Ensure a robust financial plan. Ensure guarantees are provided, and proof of access to finance is obtained early in the negotiations. Convene on-going risk management workshops. Draw on good previous examples. Manage legal advisers and seek to keep the contracts simple and concise. Prepare an overarching partnership agreement and supplement this with straightforward service delivery contracts based on an output specification. 5 Any partner fails to fulfil contract requirements. Ensure contracts are kept simple and it is clear from the beginning who is responsible for delivering what and when. Select the right partner. Ensure that there is a logical mechanism for review and possible termination for individual service bundles, so that bad performance in one area, if not resolved even after working through it together, need not wreck the whole deal. 6 Private sector partner faces financial difficulty. Remember that this is a partnership and there should be early discussions if this situation arises to ensure all parties are aware of the situation and there is the opportunity to discuss necessary actions. Ultimately, ensure contract covers this eventuality explicitly and provisions are made to deal with the situation if it arises. This will be in the form of an appropriate exit strategy. Where a joint venture company (JVC) is being formed with the private sector organisation, ensure that the Council defines its and limits its liability for trading losses incurred by the JVC. 7 Public sector partner withdrawal. Multi-authority projects run the risk of one or more partners withdrawing. At the commencement of a project all partners have commitment to its objectives. The risk will need to be continually monitored and alternative strategies developed in outline if the withdrawal of a potential partner occurs. Ensure that appropriate benchmarking and market testing processes are in place and used regularly throughout the lifetime of the partnership contract.
Lack of clarity about when financial benefits are to be realised and Investment funds fail to come through from private sector partner.
3 4
No objective approach to sharing cost. Contract and partnership development costs are too high.
Inspection reveals poor value for money is being obtained through the partnership.
39
Risk
Mitigation Set up partnership boards and ensure that nonexecutive members are appointed to that board to provide an objective governance function.
Reduction in competition throughout the lifetime of the deal will impair value for money.
Appropriate benchmarking and market testing are absolutely imperative where contracts exceed 5 years in length. Proving value for money is not always easy; the method for achieving this should be described in the contract. Look at value for money criteria by reference to a wide context consider issues such as economic regeneration, sustainable development and social inclusion. Partners need to be incentivised to provide innovation and service improvement over the lifetime of the contract. Contracting for outcomes, rather than outputs, may be one solution.
40
25
Changes to the services required from the Partner (as a result of Best Value service reviews or inspections, benchmarking exercises or internal or external audits relating to the Council's retained services) Change in volume of service requirements Assets owned/managed by the partnership are damaged by fire, flood or by a third party (accident, vandalism etc) Assets owned/managed by the partnership cause damage or physical injury to a third party
26 27 28
41
29 30 31 32 33
Need to comply with statutory requirements and responsibilities Lack of risk management expertise Failure to involve professional assistance and expertise e.g. legal, at the right stage. Contract/partnership management role not sufficiently defined Failure to apply an effective health and safety management and monitoring system across the partnership.
Political Risks
1 2 3 4 5 6 Different approaches to political structures (e.g. cabinet vs. committees) causes inconsistencies National projects fail to deliver promises Emphasis on regional government entrenches authorities individually in a fight for survival Political leadership changes leading to conflicts within the organisation Change in local authority functions e.g. Benefits CPA Inspection or audit recommendations change focus/priorities for the authority.
Financial Risks
1 2 3 4 Failing to define and develop cost of procurement Outline project affordability relating to programme/projects not accurate Inability to achieve savings by accurately outlining costs & resources required Insufficient financial support to complete projects
42
5 6 7 8 9 10 11 12 13
Savings to fund complete programme not achieved quickly enough, or not at all Changes in how the organisations trade or operate affect their VAT position Failure of partner to raise finance required for implementation Changes in tax affects affordability, pre or post contract signing Unanticipated finance costs Price variation indices running at a different rate than that assumed in any financial model or contractual index Changes in interest rates not planned for Cost of insurance underestimated Cost projections are inaccurate affecting future iterations of a project
Procurement Risks
1 2 3 4 5 6 7 Practical fallback option not clearly understood Developing unrealistic process & milestones Not succeeding in managing different expectations internally Not succeeding in managing different expectations externally There is no ownership for key issues/processes Communication within public partners is weak Baseline requirement unacceptable to suppliers
43
8 9 10 11 12 13 14 15 16 17 18
Failing to maintain competitive approach in final negotiation There is no real evaluation criteria (including credibility) when selecting preferred suppliers There is insufficient information available to review cost/capability/availability of external advisor/s Procurements fail to recognise business critical factors Inability to deliver a quick win to demonstrate benefits Insufficient market appetite/competition Lack of accuracy and adequacy of the partners assumptions as to the cost of and risks involved in service provision. Lack of clarity or definition in user output specifications and other requirements. Not developing a mandatory minimum proposal structure Lack of flexibility in partnership contract Insufficient expertise to conduct the procurement in accordance with the regulatory and policy framework
Legal Risks
1 2 3 4 5 6 Legal constraints (e.g. Data Protection Act) prevent or delay joining-up and partnership working Partnership dependence on existing assets and rights of assets bought under the partnership Conflict over intellectual property rights Transferability of licences and other third party contracts not sufficiently investigated Changes to the services required as a result of new laws or regulations or changes in existing laws or regulations Failure of partner to comply with relevant laws and regulations (including in relation to telecommunications, health and safety, data protection and human rights) or the partner causing the Council to be in breach of any law or regulation TUPE challenge to secondment arrangements between the partnership Breaches of procurement regulations
7 8
Commercial Risks
1 2 3 4 5 6 7 8 9 10 11 12 13 14 There is insufficient information available to review and define capacity/skills/resources Cultural acceptability leading to change management problems underestimated Failing to establish communication process & mechanism Political acceptability not tested sufficiently that leads to internal conflictions Lack of stakeholder involvement leading to misunderstanding of scope & requirements Project creep i.e. uncontrolled drift away from original objectives Failure to maintain sub-contractors effectively leading to disputes Take up by customers is lower / slower than projected Partnership fails to meet customer expectations of improved services Partnership does not understand customer demands due to current level of public consultation Partnership fails to identify changes / evolution in customer requirements Changes in volume of service required outside the defined parameters and therefore not planned for. Perceived threat to empires reduces management buy-in Service benefits may not be delivered quickly enough
44
15 16 17 18 19 20 21
Lack of consistent senior officer attention / understanding across all authorities Lack of clarity over executive powers and the role of scrutiny Lack of consistent Member attention / understanding across all authorities Quality, condition and quantity of assets, furniture and office equipment, tools and plant etc to be transferred into the partnership not sufficiently defined and priced for accordingly. Suitability of existing premises or assets to be used by the partnership not properly assessed Difference in insurance policies taken out by the different parties in the partnership can lead to uncertainty in the event of claims and litigation. Lack of awareness of factors external to the partnership day to day operations that can affect the overall delivery
45
46
Political Risks
1 2 3 4 5 6 Failure to achieve social inclusion within access to services Failure to achieve geographically inclusive access to services Swing in political power over period changes emphasis on e-Government Government fails to deliver technical standards Issues of information security, authentication etc not resolved nationally New Government orders/strategies change emphasis on e-Government
Financial Risks
1 2 3 4 Failure or inadequacy of technology leading to delays and/or unforeseen costs. Delay and/or unforeseen costs as a result of incompatibility, integration and/or interface issues. The partner reconfigures the transferred processes in such a way that causes the Council to incur unexpected costs and expenses Unexpected changes in licensing costs and carrier costs Increased risk in duplicating transactions via electronic processing
Procurement Risks
1 2 3 4 5 Lack of standardisation within procurements to clarify the role of IT in joining-up Technical infrastructure is inadequate for continuing development Lack of service client control over IT New technologies may not perform to promised standards Rate of technology changes overtake investments already made
Legal Risks
1 Data Protection / Human Rights Act inhibit joining-up
Commercial Risks
1 2 3 4 5 Public resist change and do not use new channels Citizens do not understand the concepts of e-Government Electronic service delivery is regarded as an add on, rather than improvement New channels may not be available quickly enough to meet public demand Virus introduced into a system key for business operations
47
Political Risks
1 2 Lack of understanding of sensitivities involved in providing a people intensive service Change in central government policy and approach
Legal Risks
1 Possible lack of clarity as to responsible body in the partnership and what standards should be met.
48
Financial Risks
1 2 Lack of compliance with funding requirements Capital cost over-runs
49
Commercial Risks
1 2 3 Changes in design standards and Codes of Practice The need to redesign due to defects in the original design Third party claims against the partnership
50
2. 3.
4.
5. 6.
51